When users change their Cisco Personal Communications Assistant (PCA) password in the Messaging Assistant, they also must update the password from their IMAP email client application so that the client can continue to access Connection and retrieve voice messages. Likewise, when LDAP authentication is configured and the PCA password is changed in LDAP, the password configured in the IMAP email client application must be updated.

Users who use ViewMail for Outlook also must change the password in ViewMail for Outlook options when the PCA password has been changed. If the PCA password has been changed but ViewMail has not been updated, users typically see a message indicating that the invalid credentials were entered for the account when they try to use ViewMail features.

If users have trouble signing in to an IMAP client, or have trouble receiving voice messages in an IMAP client, consider the following possibilities:

•If the IMAP client application prompts a user for the Cisco Personal Communications Assistant (PCA) password, but does not accept it:

–The Cisco Unity Connection user account may be locked because of too many invalid sign-in attempts.

–The Connection user account may have been locked by an administrator.

–The Connection user password may have expired.

–The Connection user account may have been configured to require that the user specify a new password.

–The Connection user may be entering the wrong password.

Users who belong to a class of service that allows access to the Messaging Assistant or to the Messaging Inbox can try to sign in to the Cisco PCA instead; the Cisco PCA displays an error message that explains why the sign-in attempt is failing. Users who cannot access the Messaging Assistant or the Messaging Inbox must contact an administrator for assistance.

•If Microsoft Outlook users are not prompted for their Cisco PCA password, confirm that the Remember Password check box on the Internet Email Settings (IMAP) page is not checked. If this option is checked, and the password of the user has expired, changed, or is locked, Microsoft Outlook does not prompt the user to enter the Cisco PCA password. The result is that the user does not receive voice messages from Connection, and Outlook prompts for the username and password.

If you are using LDAP authentication and using an IMAP email client to access Cisco Unity Connection voice messages, and if users who are integrated are with the LDAP are unable to authenticate, consider the following possibilities:

•If you are using Active Directory, confirm that the server you are using for authentication is a global catalog server and that you are using port 3268 (if you are not using SSL to encrypt data that is transmitted between the LDAP server and the Connection server) or port 3269 (if you are using SSL). Authentication settings are on the System Settings > LDAP > LDAP Authentication page in Connection Administration.

If you change any values on the LDAP Authentication page, and if IMAP clients are accessing Connection, restart the Connection IMAP Server service in Cisco Unity Connection Serviceability. If other web applications are accessing Connection (for example, Cisco Personal Communications Assistant), restart the server.

•If the problem occurs even though you are already using a global catalog server or you are not using Active Directory, try to sign in to the Cisco PCA by using an account that cannot sign in to an IMAP email client.

–If that fails, then there are two likely causes: either the specifications on the LDAP Authentication page are incorrect, or there is a problem with user credentials on the LDAP server, for example, the password has expired or the user is specifying the wrong password.

–If that succeeds, and if you have configured SSL to encrypt data that is transmitted between the LDAP server and the Connection server, there may be a problem with the SSL certificate. To confirm, uncheck the Use SSL check box, change the port to 3268, restart the Connection IMAP Server service in Cisco Unity Connection Serviceability, and try again.

Messages Sent From an IMAP Client Are Not Received in Cisco Unity Connection 9.x

If users cannot send messages through the Cisco Unity Connection server from an IMAP client—for example, messages remain in the Outbox, an SMTP error is displayed in the client, or users receive non-delivery receipts (NDRs)—consider the following possibilities:

•If Connection is not configured to allow clients to connect from untrusted IP addresses on the System Settings > SMTP Configuration > Server page in Cisco Unity Connection Administration, the IP address of the client must appear in the IP address access list in Connection. See the "Checking the IP Address Access List" section.

•If Connection is configured to allow clients to connect from untrusted IP addresses on the System Settings > SMTP Configuration > Server page in Connection Administration, two additional settings on this page can affect the ability of an IMAP client to send messages.

–If the Require Authentication From Untrusted IP Addresses check box is checked, the client must be configured to authenticate with the outgoing SMTP server.

–If the Transport Layer Security From Untrusted IP Addresses field is set to Required, the client must be configured to use Secure Sockets Layer (SSL) when connecting to the Connection server.

•The email address of the message sender must exactly match a primary or proxy SMTP address configured in Connection, as follows:

–If the message is being sent from an IMAP client that is authenticated with the Connection server, the email address must exactly match either the primary SMTP address that is displayed on the User Basics page for the user in Connection Administration or one of the SMTP proxy addresses that are configured on the SMTP Proxy Addresses page for the user.

–If the message is being sent from an IMAP client that is not authenticated with the Connection server, the email address can match a primary or proxy address that is configured for any user on the Connection server.

•The email address of the message recipient must match a primary or proxy SMTP address that is configured for a Connection user, or an SMTP proxy address that is configured for a VPIM contact. If no such match is found, Connection relays the message to the SMTP smart host, or sends an NDR to the sender, depending on the option selected in the When a Recipient Cannot be Found setting on the System Settings > General Configuration page in Connection Administration. By default, Connection sends an NDR.

•The message exceeds the maximum length or number of recipients per message that are configured on the System Settings > SMTP Server Configuration page in Connection Administration. (By default, the maximum allowed message length is 10 MB.)

•The IMAP client is unable to reach the Connection SMTP server because of network connectivity issues or because access is blocked by a firewall.

In many of these error cases, the IMAP client may display an SMTP error when attempting to send a message to the Connection server. This error includes an error code and a text description that can help narrow down the source of the problem. If the client application does not display SMTP errors to the user, or if you still have not identified the problem after checking the potential causes above, the SMTP and MTA micro traces (all levels) are helpful for diagnosing issues related to SMTP connectivity and message transport. When examining the logs, start with the SMTP log first, then review the MTA log. (The SMTP service authenticates the client and receives the message; the MTA service processes the message and addresses it to the correct Connection user or contact.) For detailed instructions on enabling the traces and viewing the trace logs, see the "Diagnostic Traces in Cisco Unity Connection 9.x" chapter.

Checking the IP Address Access List

If you choose not to allow connections from untrusted IP address lists, the IP address of each client must be configured in the IP access list, and the Allow Connection check box must be checked. If the access list is not configured properly, the client may display an SMTP error code of 5.5.0, indicating that the connection was refused. Do the following procedure to check and update the IP address access list.

Step 3 Confirm that the IP address in use by the IMAP client appears as an entry in the list, and that the Allow Connection check box is checked.

Step 4 To add a new IP address to the list, select Add New.

Step 5 On the New Access IP Address page, enter an IP address, or you can enter a single * (asterisk) to match all possible IP addresses.

Step 6 Select Save.

Step 7 On the Access IP Address page, check the Allow Connection check box to allow connections from the IP address that you entered in Step 4. To reject connections from this IP address, uncheck the check box.

Step 8 If you have made any changes on the Access IP Address page, select Save.

Messages Are Received in an Email Account Rather Than a Voice Mailbox in Cisco Unity Connection 9.x

If users unexpectedly receive voice messages in their corporate or other email accounts rather than their Cisco Unity Connection mailboxes, consider the following possibilities:

•If the user email profile has an Exchange account, the Cached Exchange Mode setting in Outlook must be enabled.

•If message actions for the recipient are configured to relay messages of a particular type (voice, email, fax or delivery receipt) to the user at the corporate email address, this is the expected behavior.

Voice Messages Are Not Received in an IMAP Account

If users do not receive incoming voice messages in the email client inbox, check the Junk-Email or other spam folder. The mail client may automatically filter voice messages to this folder. For information on configuring spam filtering to exclude a class of messages, refer to the email client documentation.

You may also need to check the configuration of any email appliance or server-side anti-spam filters in your organization to see if voice messages are being routed to Junk mail, voice attachments are being removed, or the policy is otherwise interfering with the delivery of voice messages to user mail clients.

In cases where user email profiles have an Exchange account, and the users are using Cisco Unity Connection ViewMail for Microsoft Outlook 8.0, they may experience the following intermittent problems:

•When using ViewMail for Outlook to reply to a voice message, the recipient receives a corrupt voice message that cannot be played.

•When using ViewMail for Outlook to forward a voice message with an introduction to another Connection user, the recipient hears only the introduction; the original message is not heard.

•When using ViewMail for Outlook to forward a voice message to another Connection user, the message is delivered to the Exchange mailbox of the recipient instead of to the Connection mailbox of the recipient. Additionally, the message is corrupt, and cannot be played.

For each of these problems, the solution is to enable the Cached Exchange Mode setting in Outlook.

Recording or Playback Devices Do Not Appear in ViewMail Account Settings in Cisco ViewMail for Microsoft Outlook

If a particular recording or playback device that is connected to the computer does not appear as an option in the Audio Devices lists while composing a message or in the ViewMail Account Settings dialog, restart Outlook. ViewMail for Outlook does not recognize devices that were recently added to the computer until you restart Outlook.

Messages Cannot Be Played through Cisco ViewMail for Microsoft Outlook 8.5 and Later

If the "Recording or Playback Messages Failed - no recording device" error message appears while recording or playing voice messages through ViewMail for Outlook 8.5 and later, make sure that the proxy is not enabled in the Internet Explorer. If you want to play or record voice messages while proxy is enabled, you need to add the hostname or IP address of Cisco Unity Connection in the proxy exception list to avoid failure in recording or playing voice messages through ViewMail.

User Email Account Does Not Appear in ViewMail Options in Cisco ViewMail for Microsoft Outlook

If you have recently added an email account to Outlook but the account does not appear as an option when you try to add it as an Associated Email Account in ViewMail Options, restart Outlook. ViewMail for Outlook does not recognize email accounts that were recently added to Outlook until you restart Outlook.

Cisco Unity Connection ViewMail for Microsoft Outlook 8.0 Form Does Not Appear

If the Cisco Unity Connection ViewMail for Microsoft Outlook 8.0 form does not appear after you have installed ViewMail on a user workstation, consider the following:

•Only new messages are displayed with the form. Messages that were in the user mailbox prior to installing ViewMail do not display with the form.

•You must close and restart Outlook after installing ViewMail. If the user is running a synchronization program for a PDA device, the Outlook.exe process may not have fully exited when Outlook was shut down. If that is the case, close the synchronization program and then close and restart Outlook.

•The ViewMail form may have been disabled by Outlook. To determine if Outlook has disabled the form, select Help > About Microsoft Office Outlook > Disabled Items to see whether vmoexchangeextension.dll is in the list.

Login via IMAP fails for LDAPS if IP Address of LDAPserver is configured

It has been observed that login via IMAP clients for LDAP imported users, fails for LDAP-SSL case, if IP address of LDAP server is configured under LDAP authentication on CUCA page instead of FQDN or hostname of LDAP server. This would not impact the Java applications i.e. login via Cisco PCA would work fine for all the LDAP imported users. Customers who for some reason do not enable DNS must use the following workaround to use any non Java application to authenticate using SSL (CTI, TSP, etc.) The /etc/openldap/ldap.conf file contains information necessary for the openLDAP library to function properly. An issue involving certificates and openLDAP exists where openLDAP must be able to verify the certificate in order to connect to an LDAP server. The problem is, certificates are issued with a Fully Qualified Domain Name (FQDN), and if the customer's are not making use of DNS for any reason, they will be required to enter an IP Address on the LDAP Authentication web page (System->LDAP->LDAP Authentication). Part of the openLDAP verification is to match the FQDN with the server being accessed. Since the uploaded certificate uses FQDN and the web form is using IP Address, openLDAP will not be able to connect. The fix for this is for the customer to use DNS if possible.